Xiah

[Mokujin]

So heres the deal.
I started playing this new mmorpg called Xiah. However once the game starts
i cant seem to find a way to minamize it. I wanted to use Tsearch on it but
i cant if i cant get it off full screen. Ive tried Ctl-alt-del, and the windows button.
So i guess my main question is, is there any other way to get the client to minamize
to the tool bar..Thanx in advance

oh and here is the site:

[emjay]

disassemble it and set a bpx on GetForegroundWindow/SetForeGroundWindow (or maybe GetWindowPlacement/SetWindowPlacement - dunno what they are using tho).
locate the check and modify it

[XxAnimusxX]

lol i think this is a bit difficult to master for our non-coders
i think moku thought of a programm or some way like that to minimize the window, afaik there must be any 3d-benchmark progs that could do this job tho..

[Mokujin]

no actually emjay has the right idea thats exactly what i was looking for thanx guys
but after i find foreground window check...what should i modify it to so it wont dc me when i do try to minamize, cuz if i click ctr-alt-del it will minamize however i immediatly get dc and the client closes itself..which makes it impossible to search memory addresses, or read packets.

[emjay]

yep i know this problem, for the beginning set your disassembler to always on top (alt+f5 in ollydbg)
this might work if you hit your winkey (or try ctrl+esc) first but not for sure. you need to know GetForgegroundWindow stores the window handle in EAX. so you have to look what happens after that call (there might be 2-4 calls of it), look for a logical check on EAX (or the place where eax is stored after the call) and and try to understand it if you think that check leads you to the "quit game call/jmp" modify the jmp or even the value (look up the asm references if you dont know what jump to use).
there might be several checks on it, hard to say without knowing the game.

[Mokujin]

k thanx again...i think the prob may be a little deeper than this tho..
to start the game you have to go to there site-log on-then click the start button on there site, which then brings up the xiah client. Ive tried to bring up the client by itself however an error box comes up saying you have to log on to the site first..i may try to crack the error box however it seems like a lot of work for a game not many play. it seems they have came up with an effective way to further stop botting and other such hax....Anyway thanx again for your help.

[emjay]

hmm ok that is indeed a problem. good luck with tracking down the messagebox part. if you fail you can try
try to set a hook on CreateProcess sniff out the parameter given to the game exe. maybe you can find out the start paramter.
but for sure, hard checks for a free game
im downloading it right now, seems like fun to mess around with it.

[Mokujin]

sweet, let me know what u find...
However i feel like such a noob, this whole time im trying to fiquere out how i can minimize the client so i can run Tsearch on the client when i realize Tsearch has a Network feature so i can access the memory address from another comp lol. However there is alot of ppl in the forum on there site wandering how to minimize the client so im still gonna look into it..also another interesting fact i came across..if you use 2 monitors with the comp running the client, the client will dc and close out if u move the mouse to the monitor not running the client...Very Interesting!

[emjay]

i just installed it and hooked the process creation, the launchtool opens the process with these paramter: "|plainusername|encryptedpass?|gettickcount?|sessi onid M".
so there is a way to launch it via your disassembler (sniffing the data and start it from the disassembler with the paramter). FYI.
if you click on connect it runs the same command but without the M in the end. i think you can connect directly and skip that crc check

gonna play with it now

[Mokujin]

lol im sorry to say that with that last post you
lost me.
However i do appreciate the interest you have taken
to this problem. I will keep trying things however
i feel with your knowledge you will have a better
outcome than me

[emjay]

well the check is not in xiah.exe, xiah.exe creates a new process (xiahclient.exe) and closes 5 sec after that.
there is no simple check like if xiahhwnd == getforegroundwindow. they are using window messages via PeekMessage/PostMessage/TranslateMessage/GetMessage etc so i guess they send PostQuitMessage if WM_ACTIVATEAPP triggers. i didnt locate the real sender of the quit command yet.

btw did you find something interesting with t-search over network?

EDIT: uh almost forgot about this game.. here my last notes about the minimize thing..

Code:

hook CreateProcess/Winexec, Start game via browser, sniff out start parameter, suppress game start, launch XiahClient with the sniffed parameter (name|pass|gettickcount|sessionid), 004289F2 -> 9090, modify switch

004289EF   8038 22    CMP BYTE PTR DS:[EAX],22
004289F2   74 58     JE SHORT XiahClie.00428A4C      &#59; nop here

00427DD9 |. 8B45 10    MOV EAX,DWORD PTR SS:[EBP+10]   &#59; Case 1C (WM_ACTIVATEAPP) of switch 00427D9B
00427DDC |. 85C0      TEST EAX,EAX
00427DDE   0F85 C6020000 JNZ XiahClie.004280AA
00427DE4 |> 6A 00     PUSH 0              &#59; /ExitCode = 0; Case 2 (WM_DESTROY) of switch 00427D9B
00427DE6 |. FF15 F4D14E00 CALL DWORD PTR DS:[<&USER32.PostQuitMess>; \PostQuitMessage

[Mokujin]

well i did find memory addresses for money amount,
lvl, exp and stuff like that, There not static tho (Dma) of course. But i was able to change my money amount and lvl, All client side of course. Either today or tommarrow im gonna work on finding the root addresses then ill post em here